In my year-long research project, the F5 Labs’ 2018 Application Protection Report, I asked if security professionals used storage encryption for data and applications. About 19% of survey respondents said they didn’t do any while 39% said they used encryption most of the time and 42% said they used it some of the time. What…
Read MoreIn simpler times, cybersecurity was a fairly straightforward proposition. You had your firewall, your gateway. You monitored traffic and scanned for viruses. The bad guys weren’t even always that bad, per se. Sometimes they were just there for kicks. But these are not simpler times. In today’s world of sophisticated criminals, hacktivism, espionage and cyber…
Read MoreOverall, the dollar losses are mounting, but the number of incidents has stayed pretty much the same, averaging 9 per year. During the uptick that occurred around 2013, the average jumped from three incidents per annum in previous years to 11 afterwards. What happened in 2013? Well, it was the Year of Bitcoin, per Forbes…
Read MoreStep 3: Investigate the State of IoT Usage within Your Organization Never believe what you’ve been told or your own assumptions. You need to find out for yourself what IoT devices are already in use within your environment. It’s dangerously naïve to assume there aren’t any in place already. Just like standard IT security risk…
Read MoreIt’s always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications. For a few weeks this fall, the U.S. was fixated on…
Read MoreData from the Retail Cyber Intelligence Sharing Center (R-CISC) echoes the F5 SOC findings and shows that dramatic increases in shopping activity actually continue into January, making retailers a likely target of attackers.1 In a 2018 survey of R-CISC members, respondents expressed their concern, identifying phishing, credential compromise, and account takeover (ATO) among their top…
Read MoreWe who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk by altering our organization’s behavior. We can transfer the risk with insurance or outsourcing, though the transfer is rarely complete. Lastly, we can…
Read MoreThe National Cyber Security Centre (NCSC) was formed in 2016 to help protect the UK’s critical services from cyber attacks and help providers of those services manage major cyber incidents. NCSC has repeatedly warned that a major attack on critical national infrastructure is a matter of when, not if. Despite this, a recent cyber security…
Read MoreIntroduction In the 2018 Application Protection Report, we mentioned the potential vulnerabilities associated with application programming interfaces (APIs). These APIs specify how various application components and clients should autonomously interact with each other to deliver the application experience. Through APIs, software services exchange commands and data. Because of this, APIs are tantalizing morsels for predators…
Read MoreIntroduction No CISO is an island. Of all the executive roles in a mature organization, the CISO is one of the most dependent on the collaboration and integration of disparate resources and people. The CISO is responsible not for a specific, discrete segment of a business model but for managing an abstract principle with shifting…
Read More